提交 72e637fe 编写于 作者: D Dan Carpenter 提交者: Mauro Carvalho Chehab

media: rc: validate that "rc_proto" is reasonable

Smatch complains that "rc_proto" comes from the user and it can result
in shift wrapping in ir_raw_encode_scancode()

    drivers/media/rc/rc-ir-raw.c:526 ir_raw_encode_scancode()
    error: undefined (user controlled) shift '1 << protocol'

This is true, but I reviewed the surrounding code and it appears
harmless. Anyway, let's verify that "rc_proto" is valid as a kernel
hardening measure.
Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: NSean Young <sean@mess.org>
Signed-off-by: NMauro Carvalho Chehab <mchehab+huawei@kernel.org>
上级 7399139b
......@@ -263,7 +263,8 @@ static ssize_t lirc_transmit(struct file *file, const char __user *buf,
goto out_unlock;
}
if (scan.flags || scan.keycode || scan.timestamp) {
if (scan.flags || scan.keycode || scan.timestamp ||
scan.rc_proto > RC_PROTO_MAX) {
ret = -EINVAL;
goto out_unlock;
}
......
......@@ -226,6 +226,7 @@ enum rc_proto {
RC_PROTO_RCMM24 = 25,
RC_PROTO_RCMM32 = 26,
RC_PROTO_XBOX_DVD = 27,
RC_PROTO_MAX = RC_PROTO_XBOX_DVD,
};
#endif
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册